Пример #1
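        /// <summary>
        /// Authenticates the request with HTTP Basic credentials (the header parameter is
        /// the Base64 encoding of <c>email:password</c>) against <c>Users</c> and, on
        /// success, installs a <see cref="GenericPrincipal"/> whose identity name is the
        /// user's id. Any failure — missing or malformed header, unknown email, wrong
        /// password, or a non-admin account when <c>isAdmin</c> is set — sets a 401
        /// response on <paramref name="actionContext"/>, which short-circuits the action.
        /// </summary>
        /// <param name="actionContext">The Web API action context whose request is inspected and whose response may be set.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var authorization = actionContext.Request.Headers.Authorization;

            // No credentials, or a scheme other than Basic: Parameter would not be a Basic token.
            if (authorization == null
                || string.IsNullOrEmpty(authorization.Parameter)
                || !string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
            {
                RejectUnauthorized(actionContext);
                return;
            }

            string userName;
            string userPassword;
            if (!TryParseBasicCredentials(authorization.Parameter, out userName, out userPassword))
            {
                // Invalid Base64 or a missing ':' is a client error; previously it escaped as a 500.
                RejectUnauthorized(actionContext);
                return;
            }

            // The data context is disposable; the original created one per request and never released it.
            using (var db = new UmbrellaTheatersEntities())
            {
                // NOTE(review): the password is compared verbatim inside the query, which means the
                // store holds recoverable passwords. Move to a salted hash (e.g. PBKDF2) comparison
                // once the Users schema can change; the lookup below keeps the current contract.
                var user = db.Users
                             .Where(u => u.Email == userName && u.Password == userPassword)
                             .FirstOrDefault();

                if (user == null)
                {
                    RejectUnauthorized(actionContext);
                    return;
                }

                // In admin mode only admin accounts may proceed. The original set the 401 even
                // after granting an admin the principal, so admins were always rejected.
                if (isAdmin && !user.Admin)
                {
                    RejectUnauthorized(actionContext);
                    return;
                }

                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(user.UserId.ToString()), null);
            }
        }

        /// <summary>
        /// Decodes a Basic auth parameter (Base64 of <c>name:password</c>) into its two parts.
        /// </summary>
        /// <param name="parameter">The raw header parameter.</param>
        /// <param name="userName">The text before the first ':'.</param>
        /// <param name="password">The text after the first ':' (it may itself contain ':').</param>
        /// <returns><c>true</c> when the parameter is valid Base64 that contains a ':' separator.</returns>
        private static bool TryParseBasicCredentials(string parameter, out string userName, out string password)
        {
            userName = null;
            password = null;

            byte[] raw;
            try
            {
                raw = Convert.FromBase64String(parameter);
            }
            catch (FormatException)
            {
                return false;
            }

            string decoded = Encoding.UTF8.GetString(raw);

            // The char overload is an ordinal search; the string overload is culture-sensitive.
            int separator = decoded.IndexOf(':');
            if (separator < 0)
            {
                return false;
            }

            userName = decoded.Substring(0, separator);
            password = decoded.Substring(separator + 1);
            return true;
        }

        /// <summary>Sets a 401 response on the context, which makes Web API skip the action.</summary>
        /// <param name="actionContext">The context to short-circuit.</param>
        private static void RejectUnauthorized(HttpActionContext actionContext)
        {
            actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        }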